Active Directory and OO LDAP config

I'm not having much luck configuring LDAP (AD W2k8 R2) auth with OO (version 9.07). I have spent almost a day on this problem and have read the other posts relating to OO LDAP auth.

OO doesn't seem to be able to see any other group aside from Domain Users, and that's only when I point the contexts to the top of the LDAP tree. When I point it to the contexts shown below, it fails to see the group I'm pointing to (MS). Even when it does see the Domain Users group, it fails to recognize my user as a member of it.

I've tested everything as far as attributes using ADSI Edit and LDAP paths using ADFind, so I know they are correct. Any help on this would be most appreciated.

When I was making the change yesterday, I noticed that if I set "List of user context attribute names which can be used as groups." to memberOf, OO returns all the groups I am a member of, yet still fails to see me as a member of any of them. I'm testing as a Domain admin as well, so still not sure what the issues might be...

It needed to point to where my user account is, so "OU=Access Groups" shouldn't have been in there, and I was pointing to a "CN" not an "OU", since MS is an Organisational Unit, not a container.

For "Attribute of any group (returned from the group search), to use as group name" we added: name (same as the example in the LDAP config in OO).

For "List of user context attribute names which can be used as groups. The list separator is a ";"." we left this blank.

For "LDAP search filter used in the user search" we set it back to the same as the example in the LDAP config in OO:

(&(objectClass=person)(|(sAMAccountName={0})(uid={0})))

(The HP guy said he has never had to change the above value from this in order to get it working.)

Also, don't forget to create a group in OO which maps to a group the users who will be logging in are in. For me, I used the same group referenced in the "LDAP search filter that tries to match the user groups", which is MS in my config above. The mapping seems to work just by putting the group name in there, as opposed to using an LDAP path.
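
An added example (not part of the original thread and not HP OO code): an offline check that a user's DN actually falls under a configured user context, reporting the two mistakes described above (an extra component and a CN/OU mix-up), plus the user search filter rendered with the login name escaped per RFC 4515. The DNs, the `example.com` domain and the function names are constructed for illustration, and the way OO substitutes `{0}` is an assumption.

```python
# Added example; every DN here is a constructed sample, not a value from the thread.
USER_FILTER = "(&(objectClass=person)(|(sAMAccountName={0})(uid={0})))"  # from the post

def split_dn(dn):
    """Split a DN into (ATTR, value) RDNs, honouring backslash-escaped commas."""
    rdns, buf, escaped = [], "", False
    for ch in dn + ",":
        if escaped or ch == "\\":
            buf, escaped = buf + ch, not escaped
        elif ch == ",":
            attr, _, value = buf.strip().partition("=")
            rdns.append((attr.strip().upper(), value.strip().lower()))
            buf = ""
        else:
            buf += ch
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies below it in the tree."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def diagnose(user_dn, context_dn):
    """Return reasons why a subtree search from context_dn cannot find user_dn."""
    if in_subtree(user_dn, context_dn):
        return []
    user_path = split_dn(user_dn)[1:]  # containers above the user entry
    findings = []
    for attr, value in split_dn(context_dn):
        if (attr, value) in user_path:
            continue
        same_name = [a for a, v in user_path if v == value]
        if same_name:  # right name, wrong RDN type (the CN vs OU mix-up)
            findings.append(f"{attr}={value}: user path has {same_name[0]}={value}")
        else:          # component that is not above the user at all
            findings.append(f"{attr}={value}: not in user path")
    return findings or ["same components, different order or depth"]

def render_user_filter(login):
    """Fill {0} with the login name, escaping filter metacharacters (RFC 4515)."""
    escapes = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return USER_FILTER.format("".join(escapes.get(c, c) for c in login))

if __name__ == "__main__":
    user = "CN=J Doe,OU=MS,DC=example,DC=com"
    for ctx in ("CN=MS,OU=Access Groups,DC=example,DC=com", "OU=MS,DC=example,DC=com"):
        print(ctx, "->", diagnose(user, ctx) or "user is in scope")
    print(render_user_filter("jdoe"))
```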